Client-side AI PR review with your own model endpoint.
PullScope is a zero-backend workbench for reviewing public GitHub pull requests. Paste a PR URL, inspect deterministic local risk signals, and optionally combine them with an AI review directly from your browser against an OpenAI-compatible endpoint.
It is designed as a portfolio-grade open-source devtool: useful without login, static-hostable on GitHub Pages, security-aware, and polished enough to show real product engineering.
PullScope is built to showcase browser-native AI on top of Chrome's built-in LanguageModel API and Gemini Nano availability checks.
| Browser AI capability | PullScope support |
|---|---|
| Google AI / Chrome AI ready UX | Chrome AI is the first provider option and has a dedicated readiness flow. |
| Gemini Nano readiness | PullScope can check availability, prepare the browser-managed model, and show download progress where Chrome exposes it. |
| No API key path | Chrome AI runs through the browser runtime with no base URL, auth header, CORS setup, or model API key. |
| Local-first review | Deterministic risk scoring always runs first, then Gemini Nano can add file-aware AI review context. |
| Debuggable raw output | Chrome AI raw responses are shown in the UI fallback and logged to the browser console for inspection. |
PullScope is not affiliated with Google. Google, Chrome, Gemini, and Gemini Nano names are used only to describe compatibility with browser features exposed by Chrome.
- Parses public GitHub PR URLs like `https://github.com/owner/repo/pull/123`.
- Fetches PR metadata and changed files from the public GitHub REST API.
- Scores risk locally without AI.
- Highlights dependency, lockfile, infrastructure, security, test, large-diff, and many-file signals.
- Shows reviewer persona notes for security, reliability, maintainability, and DX.
- Includes demo data for rate-limit or offline demos.
- Supports Chrome AI through the browser-native `LanguageModel` API when Gemini Nano is available.
- Provides BYOK provider setup for OpenAI-compatible model endpoints.
- Supports model switching through provider suggestions and browser-side `/models` refresh where CORS allows it.
- Lets you choose automatic, Responses API, or Chat Completions endpoint routing.
- Runs browser-side CORS diagnostics across model-list, Responses, Chat, and minimal completion probes.
- Combines deterministic local risk with optional AI review output.
- Generates a Codex-ready Markdown review brief.
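The URL parsing and local scoring steps listed above, as an added example that is not PullScope's own code: a strict PR URL parser and a deterministic score over a changed-files list. The function names, regex patterns, weights, thresholds and the meaning given to the test signal are assumptions.

```javascript
// Added example, not PullScope's source. Signal names follow the README;
// the patterns, weights and thresholds below are assumptions.
function parsePrUrl(input) {
  let url;
  try { url = new URL(String(input).trim()); } catch { return null; }
  // Exact host match, so owner/repo never come from a look-alike domain.
  if (url.protocol !== "https:" || url.hostname !== "github.com") return null;
  if (url.username || url.password) return null;
  const m = url.pathname.match(/^\/([\w.-]+)\/([\w.-]+)\/pull\/(\d+)\/?$/);
  return m ? { owner: m[1], repo: m[2], number: Number(m[3]) } : null;
}

// GitHub REST "list pull request files" endpoint for a parsed PR.
function filesEndpoint({ owner, repo, number }) {
  return "https://api.github.com/repos/" + encodeURIComponent(owner) + "/" +
    encodeURIComponent(repo) + "/pulls/" + number + "/files";
}

const SIGNALS = [
  { name: "lockfile", weight: 2, re: /(^|\/)(package-lock\.json|yarn\.lock|pnpm-lock\.yaml)$/ },
  { name: "dependency", weight: 3, re: /(^|\/)(package\.json|requirements\.txt|go\.mod)$/ },
  { name: "infrastructure", weight: 3, re: /(^|\/)(\.github\/workflows\/|Dockerfile$)|\.tf$/ },
  { name: "security", weight: 4, re: /auth|crypto|secret|token|permission/i },
];
const IS_TEST = /(^|\/)(tests?|__tests__)\/|\.(test|spec)\.[jt]sx?$/;

function scoreFiles(files) {
  const hits = new Set();
  let score = 0, changed = 0, touchesTests = false;
  for (const f of files) {
    changed += f.changes;
    if (IS_TEST.test(f.filename)) touchesTests = true;
    for (const s of SIGNALS) {
      if (s.re.test(f.filename) && !hits.has(s.name)) { hits.add(s.name); score += s.weight; }
    }
  }
  if (changed > 500) { hits.add("large-diff"); score += 2; }
  if (files.length > 20) { hits.add("many-files"); score += 2; }
  if (!touchesTests) { hits.add("no-tests"); score += 1; } // assumed meaning of the test signal
  return { score, signals: [...hits].sort() };
}

// Constructed sample shaped like GitHub's changed-files response.
const SAMPLE_FILES = [
  { filename: "package.json", changes: 4 },
  { filename: "package-lock.json", changes: 612 },
  { filename: ".github/workflows/deploy.yml", changes: 9 },
  { filename: "src/auth/session.js", changes: 31 },
];
```

Each signal counts once per PR, so the score stays stable however many files match the same pattern.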
PullScope is a static frontend only.
There is:
- no backend
- no proxy
- no database
- no serverless function
- no OAuth flow in the MVP
- no GitHub writeback
- no committed API key
GitHub reads use public unauthenticated REST endpoints by default. For private repositories, users can paste a fine-grained GitHub token with read-only repository access; that token is sent directly from the browser to api.github.com and is not stored by PullScope. All model calls, when enabled, are sent directly from the user's browser to the endpoint they configure.
PullScope runs entirely in your browser. Your model key is sent directly from your browser to the endpoint you configure. PullScope has no backend and cannot store your key on a server.
Memory-only mode is the default and recommended behavior. Use temporary, restricted, low-limit, read-only tokens. Optional session or local profile saving is an advanced opt-in and stores only provider, model, base URL, and endpoint mode. API keys and GitHub tokens remain memory-only.
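One way to enforce the profile-saving rule above, as an added example that is not PullScope's own code: an allowlist serializer that lets only the four named settings reach web storage. The field names, the storage key and the base URL sanitizing step are assumptions.

```javascript
// Added example, not PullScope's source. Field names and the storage key
// are assumptions based on the four settings the README says may be saved.
const PROFILE_FIELDS = ["provider", "model", "baseUrl", "endpointMode"];
const PROFILE_KEY = "pullscope.profile"; // hypothetical key

// Extra precaution (assumption): a base URL can itself carry credentials,
// so userinfo, query string and fragment are dropped before saving.
function sanitizeBaseUrl(value) {
  const url = new URL(value);
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    throw new Error("base URL must be http(s)");
  }
  url.username = "";
  url.password = "";
  url.search = "";
  url.hash = "";
  return url.toString().replace(/\/$/, "");
}

function toStoredProfile(settings) {
  const profile = {};
  for (const field of PROFILE_FIELDS) {
    if (typeof settings[field] === "string") profile[field] = settings[field];
  }
  if (profile.baseUrl) profile.baseUrl = sanitizeBaseUrl(profile.baseUrl);
  return profile;
}

// `storage` is sessionStorage or localStorage in the browser (opt-in only).
function saveProfile(storage, settings) {
  const json = JSON.stringify(toStoredProfile(settings));
  storage.setItem(PROFILE_KEY, json);
  return json;
}

// The allowlist is re-applied on load, so edited storage cannot add fields.
function loadProfile(storage) {
  const raw = storage.getItem(PROFILE_KEY);
  if (!raw) return null;
  try { return toStoredProfile(JSON.parse(raw)); } catch { return null; }
}

// Constructed settings: none of the "constructed" secrets may be persisted.
const SAMPLE_SETTINGS = {
  provider: "groq", model: "example-model", endpointMode: "chat",
  baseUrl: "https://user:constructed@api.groq.com/?api_key=constructed",
  apiKey: "constructed-key", githubToken: "constructed-token",
};
```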
Because this is a browser-only app, CORS matters. If a provider does not allow requests from the current origin, PullScope cannot bypass that policy without adding a backend or proxy, which is intentionally outside the MVP architecture.
Chrome AI is the browser-native exception: it uses Chrome's built-in LanguageModel API when Gemini Nano is available on the user's desktop browser, so it does not need a base URL, API key, or CORS-compatible endpoint.
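The CORS constraint described above, as an added example that is not PullScope's own code: a probe runner that classifies what browser JavaScript can actually observe for each endpoint. The probe paths assume an OpenAI-style `/v1` layout, and the result labels are assumptions.

```javascript
// Added example, not PullScope's source. Paths assume an OpenAI-style /v1
// layout; other providers in the table use different prefixes.
const PROBES = [
  { name: "model-list", method: "GET", path: "/v1/models" },
  { name: "responses", method: "POST", path: "/v1/responses" },
  { name: "chat", method: "POST", path: "/v1/chat/completions" },
];

function classifyProbe(outcome) {
  // fetch() rejects with a TypeError for a CORS block, a mixed-content block
  // and a network failure alike; page script cannot tell them apart.
  if (outcome.error) return "blocked-or-unreachable";
  // A readable status means the response carried CORS headers for this origin.
  if (outcome.status === 401 || outcome.status === 403) return "reachable-auth-rejected";
  if (outcome.status === 404 || outcome.status === 405) return "reachable-endpoint-unsupported";
  if (outcome.status >= 200 && outcome.status < 300) return "ok";
  return "reachable-error";
}

// fetchImpl is injectable so the logic can be exercised without a network.
async function runProbes(baseUrl, apiKey, fetchImpl = fetch) {
  const results = {};
  for (const p of PROBES) {
    // The Authorization header makes the browser send a CORS preflight first.
    const init = { method: p.method, headers: { Authorization: "Bearer " + apiKey } };
    if (p.method === "POST") {
      init.headers["Content-Type"] = "application/json";
      init.body = "{}"; // empty body: expect a 4xx, which still proves reachability
    }
    try {
      const res = await fetchImpl(new URL(p.path, baseUrl), init);
      results[p.name] = classifyProbe({ status: res.status });
    } catch (error) {
      results[p.name] = classifyProbe({ error });
    }
  }
  return results;
}
```

A server that omits CORS headers on error responses also lands in `blocked-or-unreachable`, so the browser's network panel remains the place to confirm the cause.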
PullScope can analyze private GitHub PRs when the user provides a fine-grained GitHub token with read-only access to the target repository. The token is used only for browser-side GitHub REST calls and is cleared on refresh. A full browser-only OAuth flow would require a registered GitHub OAuth/GitHub App flow and is intentionally separate from the no-backend token path.
| Provider | Base URL | Default Endpoint |
|---|---|---|
| OpenAI | https://api.openai.com | `/v1/responses`, fallback `/v1/chat/completions` |
| Groq | https://api.groq.com | `/openai/v1/chat/completions` |
| Ollama | http://localhost:11434 | `/v1/chat/completions` |
| LM Studio | http://localhost:1234 | `/v1/chat/completions` |
| Chrome AI | browser-managed | Chrome LanguageModel API |
| Custom | user-defined | Responses or Chat Completions compatible |
Local model notes:
- Ollama may require browser origin/CORS configuration depending on your setup.
- LM Studio may need CORS enabled for browser access.
- Local HTTP endpoints work best while developing locally. Remote HTTPS deployments may be blocked by mixed-content rules when calling `http://localhost`.
The Codex-ready brief is generated from the current PR metadata, deterministic risk score, top file signals, and reviewer persona notes. It is Markdown-only and can be copied into Codex or another code-review assistant without requiring the model review step.
- Public PRs only.
- GitHub unauthenticated rate limits apply.
- Patch snippets can be omitted by GitHub for large or binary files.
- AI review quality depends on the configured provider and model.
- No OAuth, private repository access, or GitHub comment writeback in the MVP.
- No full repository analysis.
```bash
npm install
npm run dev
npm test
npm run build
npm run preview
```

The repository includes a GitHub Actions workflow at `.github/workflows/deploy.yml`.
During GitHub Actions builds, Vite derives the Pages base path from GITHUB_REPOSITORY, so forks and renamed repositories use their own repository slug automatically.
In GitHub:
- Open repository settings.
- Go to Pages.
- Set source to GitHub Actions.
- Push to `main`.
PullScope demonstrates:
- frontend product engineering
- API integration without a backend
- static deployment constraints
- security-aware BYOK UX
- AI tooling integration
- useful deterministic analysis before model calls
- polished dashboard and developer workflow design
It is intentionally scoped as a practical open-source devtool, not a SaaS.